Tag Archive for: threaten

China-Backed Hackers Threaten Texas Military Sites, Utilities


(TNS) — A Chinese government-backed hacker group’s apparent plan to upend utilities and communication systems that power U.S. military bases poses a major threat to Joint Base San Antonio — and potentially to the region’s water and electricity customers.

U.S. officials say the group, called Volt Typhoon, has inserted malware — computer code intended to damage or disrupt networks or to covertly collect information — deep in the systems of numerous water and electric utilities that serve military installations in the United States and abroad.

The aim could be to delay a U.S. military response if China’s People’s Liberation Army invades Taiwan. President Joe Biden has said the U.S. military would intervene if China invaded the island nation.


“I would be most concerned about U.S. assets in the Pacific Rim — in South Korea and Japan,” said John Dickson, a San Antonio-based cybersecurity consultant and former Air Force intelligence officer. “But we are Military City, USA, and a sophisticated reader doesn’t have to do too much to connect the dots.”

San Antonio is flush with military personnel and missions. It’s home to Fort Sam Houston, the largest military medical training installation in the U.S., as well as to JBSA-Randolph and JBSA-Lackland Air Force bases.

Lackland trains the service’s incoming airmen and conducts cyber warfare and intelligence-gathering operations at its Security Hill facility.

The National Security Agency’s Texas Cryptologic Center occupies a sprawling campus on San Antonio’s West Side. The center conducts worldwide signals intelligence and cybersecurity operations. Signals intelligence involves collecting, decoding and interpreting electronic communications.

It’s unclear if the networks of the San Antonio Water System or CPS Energy, both owned by the city of San Antonio, are infected with Volt Typhoon’s malware.

CPS, the largest municipally owned utility in the U.S., has 930,000 electric and 381,000 gas customers. SAWS serves 511,000 water and 456,000 wastewater customers. The two utilities’ service areas encompass Bexar County and small swaths of neighboring counties.

“We will continue to…

Source…

Hackers Threaten To Leak 80GB of Confidential Data Stolen From Reddit


Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand – and reverses its controversial API price hikes, TechCrunch reported.

According to TechCrunch, in a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February breach of the company’s systems.

Reddit spokesperson Gina Antonini declined to answer TechCrunch’s questions, but confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. At the time, Reddit CEO Christopher Slowe, or KeyserSosa, said that hackers had accessed employee information and internal documents during a “highly-targeted” phishing attack. Slowe added that the company had “no evidence” that personal user data, such as passwords and accounts, had been stolen.

Bleeping Computer reported that on February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.

According to Bleeping Computer, the phishing attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.

As first spotted by Dominic Alvieri and shared with Bleeping Computer, the ALPHV ransomware operation, more commonly known as BlackCat, now claims to be behind the February 5th cyberattack on Reddit.

In a “Reddit Files” post on the gang’s data leak site, the threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan on leaking the data.

The threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted but did not receive a response.

Bleeping Computer posted a screenshot of the statement from ALPHV. Here are some excerpts:

“…I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data.

“But I am very happy to know that the public will be able to read…

Source…

Hackers threaten to leak stolen data if Reddit doesn’t reverse API changes


The situation surrounding Reddit’s changes to its API continues to get even weirder. Earlier this year, a ransomware group used a sophisticated phishing attack to steal 80GB of data from Reddit. Now, ransomware group BlackCat is claiming responsibility for that hack and threatening to release that information if Reddit doesn’t reverse its API changes and pay a $4.5 million ransom…

As reported by Bleeping Computer, researcher Dominic Alvieri spotted BlackCat’s announcement today, in which it threatens to release the data publicly if Reddit doesn’t meet its demands.

BlackCat is demanding that Reddit not only pay that $4.5 million ransom but also reverse its controversial API changes that will kill many third-party apps. BlackCat was previously waiting for Reddit’s long-awaited IPO to claim responsibility for this breach but has instead opted to seize on the ongoing controversy surrounding those API changes.

I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took.

In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.

Reddit publicly acknowledged the security incident back in February, saying that it was a “sophisticated and highly-targeted phishing attack.” The attackers sent “plausible-sounding prompts” redirecting employees to a website that cloned the behavior of the company’s intranet. As a result, the attackers were able to steal credentials and two-factor tokens.

Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (Pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to…

Source…

IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia



A recent report from Nokia’s Threat Intelligence Center sheds light on the alarming rise of IoT botnet DDoS attacks targeting telecom networks worldwide. The study reveals a fivefold increase in such attacks over the past year, with cybercriminals and profit-driven hacking collectives exploiting insecure IoT devices.

This surge in malicious activity, initially observed during the Russia-Ukraine conflict, has now spread to various regions globally, jeopardizing critical infrastructure and services beyond telecom networks.

The proliferation of IoT devices among consumers has contributed significantly to the escalation of botnet-driven DDoS attacks. The number of compromised IoT devices used in these attacks has soared from 200,000 to approximately 1 million, currently accounting for more than 40% of all DDoS traffic.

Figure: Geographical distribution of active botnet devices, by country (Source: Nokia Deepfield)

The report underscores that this rise in attacks stems from the growing number of profit-driven hacking collectives, taking advantage of the Ukraine crisis.

A prevalent form of malware in telecommunication networks is bot malware, which scans for vulnerable devices—a tactic associated with multiple IoT botnets. With lax security measures prevalent in billions of IoT devices worldwide, encompassing everything from smart refrigerators to medical sensors and smartwatches, cybercriminals have found ample targets to exploit.

In addition to the rise in botnet-driven DDoS attacks, the Threat Intelligence Report highlights a doubling in the number of trojans targeting personal banking information on mobile devices, now accounting for 9% of all infections. This puts millions of users worldwide at heightened risk of having their financial and credit card details compromised. Trojans are malicious software codes that disguise themselves as legitimate applications.

On a positive note, the report reveals a decline in malware…

Source…